mbedtls

mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00

Author	SHA1	Message	Date
Valerio Setti	02f30230c4	pem: zeroize the entire buffer in case of errors in mbedtls_pem_read_buffer() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-20 10:22:36 +01:00
Valerio Setti	e88a1c5b85	pem: fix return values in pem_check_pkcs_padding() Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors. This commit also fix related failures in test pkparse and pem test suites. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-19 15:09:41 +01:00
Valerio Setti	4cc6522a85	pem: do not parse ASN1 data after decryption (removes ASN1 dependency) Now that we have padding verification after decryption and since this can be used to validate the password as well there is no need to parse ASN1 content any more, so we can simplify/remove that dependency. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-16 15:26:12 +01:00
Valerio Setti	8aff4ef274	test_suite_pem: add more test cases for invalid padding data Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-16 15:26:08 +01:00
Valerio Setti	0f286d5453	pem: reject empty PEM contents Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-16 14:30:58 +01:00
Valerio Setti	095e1ac71c	pem: check data padding in DES/AES decrypted buffers Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-14 06:44:07 +01:00
Valerio Setti	2653e92a57	pem: fix valid data length returned by mbedtls_pem_read_buffer() ctx->buflen now returns the amount of valid data in ctx->buf. Unencrypted buffers were already ok, but encrypted ones were used to return the length of the encrypted buffer, not the unencrypted one. This commit fix this behavior for encrypted buffers. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-09 06:42:18 +01:00
Valerio Setti	b1f6d2ad6f	asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-09 06:42:18 +01:00
Valerio Setti	9de84bd677	rsa: reject buffers with data outside main SEQUENCE when parsing keys Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-09 06:42:18 +01:00
Janos Follath	7a28738205	Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface New test thread interface	2024-02-08 12:35:40 +00:00
Manuel Pégourié-Gonnard	b7307630bb	Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1 Conversion function between raw and DER ECDSA signatures (guards in ASN1)	2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard	7bf1e98f44	Merge pull request #8740 from valeriosetti/issue8647 Move RSA basic key parsing/writing to rsa.c	2024-02-08 08:35:42 +00:00
Tom Cosgrove	c8de362202	Merge pull request #8665 from ivq/reduce_static_mem Reduce many unnecessary static memory consumption	2024-02-07 23:26:27 +00:00
Valerio Setti	1910390b4a	psa_util: improve leading zeros check in convert_der_to_raw_single_int() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-07 16:16:58 +01:00
Manuel Pégourié-Gonnard	1d7bc1ecdf	Merge pull request #8717 from valeriosetti/issue8030 PSA FFDH: feature macros for parameters	2024-02-07 10:06:03 +00:00
Dave Rodgman	57a0957938	Merge pull request #8788 from daverodgman/old-gcc-alignment-bug Change unaligned access method for old gcc	2024-02-07 09:31:45 +00:00
Valerio Setti	447bbce8b4	rsa: remove unnecessary check in priv/pub key parsing Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-07 08:02:03 +01:00
Gilles Peskine	f45589b492	Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity KDF incorrect initial capacity	2024-02-06 17:29:43 +00:00
Gilles Peskine	137e0c1a02	Merge pull request #8761 from valeriosetti/issue4681 Re-introduce enum-like checks from CHECK_PARAMS	2024-02-06 17:29:38 +00:00
Gilles Peskine	fb7001f15b	Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage Implement mbedtls_pk_get_psa_attributes	2024-02-06 17:28:54 +00:00
Valerio Setti	bb76f80218	pk_wrap: use proper raw buffer length in ecdsa_sign_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 16:57:23 +01:00
Valerio Setti	cf81f69977	psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 16:57:12 +01:00
Valerio Setti	6269f3baf4	Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()" This reverts commit `d4fc5d9d1c`. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 16:55:18 +01:00
Dave Rodgman	e093281a8b	Pacify check-names Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 15:00:58 +00:00
Dave Rodgman	d09f96b829	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:51:58 +00:00
Dave Rodgman	22b934e6d2	Use struct not union Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:16:13 +00:00
Dave Rodgman	f4e8234f93	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:16:13 +00:00
Manuel Pégourié-Gonnard	5c9cc0b30f	Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected TLS 1.3: SRV: Ignore early data when rejected	2024-02-06 13:16:03 +00:00
Dave Rodgman	ec9936d122	Improve gcc guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:04:09 +00:00
Dave Rodgman	b327a1e706	Change unaligned access method for old gcc gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows that __attribute__ aligned may be ignored. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 11:32:01 +00:00
Chien Wong	4e9683e818	Reduce many unnecessary static memory consumption .data section of ssl_client1 becomes 320 bytes smaller on AMD64. Signed-off-by: Chien Wong <m@xv97.com>	2024-02-06 17:50:44 +08:00
Gilles Peskine	8a85673a39	Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage	2024-02-06 10:14:17 +01:00
Valerio Setti	d4fc5d9d1c	psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der() The only real contraint on the raw buffer is that it is large enough to contain 2 coordinates. Larger buffers are therefore allowed and the extra data will simply be ignored. Note = trying to impose a strict sizing on the raw buffer causes several failures in test suites. This suggests that it is quite common to use larger buffer to store raw signatures. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 08:42:42 +01:00
Valerio Setti	fe329cea3f	rsa: handle buffer length similarly in private and public key parsing Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 08:00:18 +01:00
Ronald Cron	71c6e65d83	tls13: ssl_msg.c: Improve/add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-05 16:54:37 +01:00
Ronald Cron	31e2d83eee	tls13: srv: Improve coding Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-05 16:45:57 +01:00
Valerio Setti	091bdc416d	psa_util: enhance checks on leading zeros in convert_der_to_raw_single_int() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 16:18:04 +01:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Valerio Setti	05c256fb36	psa_util: minor performance improvement in mbedtls_ecdsa_der_to_raw() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 16:02:11 +01:00
Valerio Setti	bec1d842ac	psa_util: convert_der_to_raw_single_int() accepts also all zero integers These values are not mathematically valid as signature, but as for what it concerns with ECDSA conversion functions, 0 values in DER format should be translated to 0 values in raw format. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 15:50:02 +01:00
Valerio Setti	8334d00772	psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 15:35:26 +01:00
Valerio Setti	2bd0ecdf45	psa_util: improve documentation for convert_raw_to_der_single_int() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 15:25:15 +01:00
Janos Follath	747bedb0b0	Merge pull request #8733 from ivq/gcm_ad_len_check Add back restriction on AD length of GCM	2024-02-05 13:33:58 +00:00
Valerio Setti	954ef4bbd5	psa_util: improve convert_raw_to_der_single_int() Allow the function to support DER buffers than what it is nominally required by the provided coordinates. In other words let's ignore padding zeros in the raw number. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 12:06:46 +01:00
Valerio Setti	315e4afc0a	psa_util: change parameters order in ECDSA conversion functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 10:09:15 +01:00
Valerio Setti	13ab693c49	rsa_internal: fix documentation for mbedtls_rsa_parse_key() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-05 08:48:39 +01:00
Jerry Yu	f57d14bed4	Ignore early data app msg before 2nd client hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Jerry Yu	263dbf7167	tls13: srv: Do not allow early data indication in 2nd ClientHello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	1483dc3bde	tls13: cli: Indicate early data only in first ClientHello Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	2995d35ac3	tls13: srv: Deprotect and discard early data records Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00

1 2 3 4 5 ...

12845 commits